Wild one from Trail of Bits: malicious MCP servers can sneak in “compliance tools” that trigger on phrases like “thank you” and trick the LLM into leaking your entire chat history. That means API keys, PHI, IPs, everything. Vet your MCP stack. Add guardrails.